And, it seems appropriate at this point in time for the Admin to give up their sole priviledge of locking someones account and let the Moderators have that function enabled. It would help stop this stuff until someone makes it hard for the spammers to register on this thing...

How many moderators are there? It seems like if you had 4 or 5 high ranking moderators and then a larger group of people that can disable accounts (Not delete) and move messages to handle spam right there and now. That way, you get plenty of eyes to handle the spam problem and then move messages to a place for a real moderator to delete them. If they screw up, they lose their jobs.

We already have visual confirmation and do not allow guests to post. Spammers have figured out how to bypass visual confirmation already so it's of limited use. The question one is interesting, I'll have to add that to the list of things I am looking into. I have a different mod I'll try later today, hopefully that will keep this particular spambot from registering tomorrow.

Why not limit the number of posts that a new account can have on a daily basis. After some period of time. this daily limit just goes away.

On a similar thought, what is the highest number of valid posts one account has had in a day? If the coding would be simpler, limit all accounts on a daily basis. While this may be a large number, I would expect it to be well less than the 500+ you were just hit with.

Neither of the above options would solve the problem, I am not sure there is a perfect solution, but at least they would limit the problem to a more reasonable number.

IMdB has a post quota on everyone on that board. After you post, you can't post again for two minutes. Course a hacker can program a bot to wait for yea-number minutes and post again but it would give the regular eyes a chance to spot it and report, or kill in the case of a mod. We wouldn't have "every-ten-seconds-rapidfire-submachinebot" spammage happening where it only takes an hour to flood the site.

I have thought about limits too, and it would slow them down a bit but not stop them. One issue is that as far as I can tell, when a message is deleted there's no record left of it. So, they come in, post 10 (or whatever the limit is) messages, a moderator comes in and deletes them. Now that user has zero posts and can start posting again. Or, they can create an account, wait a week, then start spamming with it.

Pretty much any mod we put in will only slow them down a bit and stop the dumber spambots. The question one and instaban are the only published mods I see out there right now that seem to stand a chance at making a huge difference. I haven't seen much activity since I put in the confusabot mod this morning, hopefully that will calm things down a bit until I can get comfortable enough with the code to put in some more complicated changes.

just an observation, but there's now scotto, bbsue, dork, antiM, emily... many more people comming together to tackle things than previously and its starting to show. they are volunteering their time and effort and i know I appreciate it. granted the spamming problem has been around too long and i understand people's frustrations, but i hope that others can see this change and support them.

spectabillis wrote:just an observation, but there's now scotto, bbsue, dork, antiM, emily... many more people comming together to tackle things than previously and its starting to show. they are volunteering their time and effort and i know I appreciate it. granted the spamming problem has been around too long and i understand people's frustrations, but i hope that others can see this change and support them.

Honestly - I am very appreciative of all the help the current moderators do for this board. I am just glad you are not doing it anymore.

When I say it doesn't work, I mean the spambots already know how to read the letters in the image. There might be a system out there that's more difficult for those programs to read, but enough of their tries will still probably work.

Back on topic when info on how to circumvent image verification exploits makes it to Darknet, the security value is nil. Image Verification is no longer effective, the horse is dead, hold your floggers.

Dork wrote:When I say it doesn't work, I mean the spambots already know how to read the letters in the image. There might be a system out there that's more difficult for those programs to read, but enough of their tries will still probably work.

Just out of curiosity.. do these spambots use proxies? If so we can block alot of known proxie servers by IP address. I have a couple links to pages that have tons of proxies if you wanted to add the IPs to your block/ban list.

can post them up anyways. its been some time since i searched but my wish was to find a mod that lets the admin batch upload and install a list of reported bad ipaddr/domains. that was almost two years ago though when i looked, my thinking was something similar to an opensource antivirus app that gets community updates on what to scan for.

PM sent to Emily and Dork. Keep in mind that these sites I sent you two update DAILY. You might need a mod just to block IP addresses 24-7. Hope those lists help out stopping the spammers. I was poking around the PHP website and it looks like there is a mod that blocks "open proxies". Would this work to block all of the bot software? I don't know much about these bots but I imagine these folks are probably using some kind of anonymous web surfing so they don't get in trouble. Good luck and thanks for all the hard work you put in.

Memberlist Access - With this MOD admin can decide who gets to view the memberlist. Options include: All, registered users, moderators, admins. Options are settable from the ACP.

Live Email Validate (LEV) - When a user signs up or edits their email address, this MOD will attempt to verify it via the DNS MX records and a test SMTP session, returning true or false as appropriate. In the event of failure, some server responses are displayed if DEBUG is set to true in constants.php

CodeCrush IP Log - This is an IP logger, that will log the IP of anyone browsing to your phpbb forums. It also logs referral info, ACP-logins and browser revision. Created cause I couldn't find any other IP-tracking utility within phpbb besides the poster_ip. I wanted to keep a log of all visitors not just posters. - fantastic for barring and identifying bad users

and yes they still get through, the ones that do are manual operators in which case barring of the ips usually suffice, if they were teched up they would be using software with variable ip.